An attacker compromised the Amps contract 12 hours ago, stealing ~$6,700 USDC from 112 Amps users. 

@phil and the Amps team fixed the issue and refunded users. @horsefacts and the Farcaster team have been assisting. Farcaster wallets are safe and unaffected.

Who was affected?

Users who gave Amps an allowance to withdraw USDC from their wallet to purchase likes and recasts were affected.

Users who simply used Amps to receive funds for likes and recasts are unaffected. Users who did not use Amps are unaffected.

What happened?

The Amps team will publish a detailed report soon.  In short, their contract had a vulnerability and the attacker was able to withdraw USDC that the users have given Amps permission to withdraw. 

Some users gave Amps the permission to withdraw all USDC from their wallet, and the attacker was able to withdraw all USDC. 

Are Farcaster wallets unsafe?

No, Farcaster wallets remain safe to use. The exploit is entirely within the Amps contract and only affects users who explicitly gave Amps the permission to access their USDC.

What should I do to be safe?

Never give permissions to withdraw unlimited funds (as a user) and never ask for these permissions (as a dev). It is safer to ask user to transfer in a fixed amount (e.g. 100 USDC), and top up as needed.

amps

Last night, a malicious actor took an advantage of an exploit in the Amps contract code to withdraw USDC from some of our users' wallets.

The exploit has been patched, affected users have been contacted and refunded, and we are working on publishing a full post-mortem.

No additional funds are at risk and neither signers nor wallet permissions are at risk.

Thank you for your attention to this matter!

The Amps exploit was due to an unprotected reinitializer on their upgradeable contract. The attacker called reinitialize, set themselves as the owner, and changed the implementation to a malicious contract. This is a very common bug in upgradeable contracts. (1/5)

The Amps exploit was due to an unprotected reinitializer on their upgradeable contract. The attacker called reinitialize, set themselves as the owner, and changed the implementation to a malicious contract. This is a very common bug in upgradeable contracts. (1/5)

https://farcaster.xyz/phil/0x1aa4e6f9

I work at the posts office

terminally.online

The Amps team reinitialized the contract to the max version to permanently claim back ownership. Too late to save funds that were already transferred, but the exploit is no longer possible and any new or unexploited allowances to the contract are safe. (2/5)

If you want to be extra cautious, you can use this mini app to revoke your USDC allowance to Amps. (3/5)

If you are the owner of an upgradeable smart contract, you should check for unprotected initializers and ensure that your implementation cannot be initialized.

Here's a good explainer of the initialization pattern and common errors. (4/5)

Thanks to @bertwurst.eth and @hamdan for sounding the alarm and to everyone who helped with the response. (5/5)

If you are the owner of an upgradeable smart contract, you should check for unprotected initializers and ensure that your implementation cannot be initialized.

Here's a good explainer of the initialization pattern and common errors. (4/5)
https://rareskills.io/post/initializable-solidity

If you want to be extra cautious, you can use this mini app to revoke your USDC allowance to Amps. (3/5)

https://farcaster.xyz/miniapps/iX85orRFS90j/revoke-amps